<?php
/**
 * authorize module Userflag
 * 
 * @author gERD Schaufelberger <gerd@exit0.net>
 * @copyright 2004 by http://wombat.exit0.net
 * @package wombatSite
 * @subpackage user
 */
 
/**
 * The Userflag module authorizes against a specified flag of a user.
 * 
 * Flags are stored per user in the database. Common flags are: "new", 
 * "enabled" and "deleted". This authorisation module checks whether the 
 * user has a flag defined in the rule. It is also possible to negate the
 * rule by adding a "!" in front of the flag (e.g.: "!new")
 * 
 * Please notice, that the global login handler also checks user flags
 * (see config-value: "<auth:flags />"). So it usually doesn't make sense to
 * check the same flags which are already checked during login. 
 * 
 * @version 1.0.0
 * @package wombatSite
 * @subpackage user
 */
class wbAuthorize_Userflag
{
   /**
    * authorize against rule
	* 
	* The rule is the name of a flag. It is also allowed to add an "!" in front
	* of the flag-name; that means that it will negate the request.
	*
	* @access public
	* @param string $rule 
	* @return boolean $result true on success
	*/
    function checkAuthorisation( $rule )
    {
		$auth	=&	wbFactory::singleton( 'wbAuth' );
		
		// check if user is logged in
		if( !$auth->isAuthenticated() ) {
			return false;
		}
		
        
		if( empty( $rule ) ) {
			return true;
		}
		
        $flags	=	$auth->getUserFlags();
		if( $rule[0] === '!' ) {
			$rule	=	substr( $rule, 1 );
			return !in_array( $rule, $flags );
		}
		
		return in_array( $rule, $flags );
    }
}
?>